Data Protection Policy

The Data Protection Act 1998 came into effect on 1 March 2000. Having completed a self-assessment guide Scottish Swimming must notify and as an Association we are required to comply with the eight data protection principles.

In terms of the Data Protection Act 1998, Scottish Swimming is the ‘data controller’, and as such determines the purpose for which, and the manner in which, any personal data are, or are to be, processed.

Scottish Swimming must ensure that they have:

  1. OBTAINED DATA FAIRLY AND LAWFULLY

    Scottish Swimming will always put their name on all paperwork, we will state what we intend to use the information for and also state if, and to whom we intend to give the personal data.

  2. HOLD DATA ONLY FOR SPECIFIC AND LAWFUL PURPOSES

    Scottish Swimming will ensure that if they intend to use data for direct marketing purposes that data subjects are made aware of this and given the opportunity not to have their particular data processed in this way. A simple tick box system is included on all paperwork.

    If the data held by Scottish Swimming is passed to a third party for any reason this is done with the permission of the data subjects and the 3 rd party must sign a declaration form stating how they will use the data. They must also agree not to copy the data for further use.

  3. DATA HELD IS RELEVANT, ADEQUATE AND NOT EXCESSIVE FOR ITS PURPOSE

    Scottish Swimming will monitor the quantities of data held for their business purposes and ensure that we hold neither too much nor too little data in respect of the individuals about whom data is held.

  4. DATA HELD IS ACCURATE AND KEPT UP TO DATE

    All errors must be rectified as soon as Scottish Swimming becomes aware of an error.

    Scottish Swimming provides its members with a copy of their data once a year for information and updating where relevant. All records are then amended accordingly.

  5. DATA IS NOT KEPT LONGER THAN NECESSARY

    All financial data will be held for seven years and then destroyed.

    All personal data will be removed from the system after one year of non-membership has lapsed.

  6. SECURITY

    Scottish Swimming must ensure that the have adequate security precautions in place to prevent loss, destruction or unauthorised disclosure of the data

    All Scottish Swimming computers have a log in system, which allows only authorised personnel to access personal data. Passwords on all computers are changed frequently.

    All personal, financial and child protection data is kept in a locked filing cabinet and can only be accessed by the Chief Executive, Director of Administration, National Development Officer, Finance Manager and Chairman where appropriate.

    When Scottish Swimming staff are using laptop computers out of the office care should always be taken to ensure that personal data on screen is not visible to strangers.

  7. PREVENTION OF THE ACCIDENTAL LOSS OR THEFT OF PERSONAL DATA

    The University of Stirling Server which can be accessed at any time automatically backs up all data held by Scottish Swimming. This server is located in a different building from the Scottish Swimming HQ.

    Scottish Swimming’s offices are locked outwith office hours and only staff have keys to access the building.

  8. TRANSFER OF DATA

    All personal data held by Scottish Swimming must not be transferred outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

MANUAL DATA

All membership forms are filed by club and district and these are located within the Scottish Swiimming’s main office. These files are cleared on an annual basis and the forms are destroyed every three years when current members are asked to complete a new form.

THE RIGHTS OF INDIVIDUALS

All individuals that Scottish Swimming hold data on have the right to:

  • Be informed upon request of all the information held about them within 40 days.
  • Prevent the processing of their data for the purposes of direct marketing.
  • Compensation if they can show that they have been caused damage by any contravention of the Act.
  • The removal or correction of any inaccurate data about them.

Scottish Swimming has the right to charge a fee (presently no more than £10) for this service.

April 2002